A cross-site scripting vulnerability exists in Mitsubishi Electric MC Works64, a data acquisition and monitoring system (SCADA) from Mitsubishi Electric, a Japanese company. The vulnerability is caused by a lack of data validation filtering of user-supplied data and output. An attacker could exploit the vulnerability to execute JavaScript code on the client side.